LastPass users: Your info and password vault data are now in hackers’ hands – Ars Technica

“To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service,” Toubba said. “The threat actor was also able to copy a backup of customer vault data from the encrypted storage container, which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully encrypted sensitive fields, such as website usernames and passwords, secure notes, and form-filled data.”

Article Link

LastPass users: Your info and password vault data are now in hackers’ hands – Ars Technica

More Stories

Ace holed: Hardware store empire felled by cyberattack • The Register

“Cisco buried the lede.” >10,000 network devices backdoored through unpatched 0-day | Ars Technica

The Columbus Zoo and Aquarium Earns Accreditation From the Association of Zoos & Aquariums | Columbus Zoo and Aquarium

Continuity Management

Cellphone outage hits AT&T customers nationwide; Verizon and T-Mobile users also affected | Fox Business

Overheating datacenter stopped 2.5 million bank transactions • The Register

Hosting firm says it lost all customer data after ransomware attack

Heavy workloads driving IT professionals to resign – Help Net Security

Technology Management

Rebalancing NIST: Why ‘Recovery’ Can’t Stand Alone

Newly detailed ‘Tycoon 2FA’ phishing kit bypasses multifactor authentication – SiliconANGLE

How the New NIST 2.0 Guidelines Help Detect SaaS Threats

4 tabletop exercises every security team should run | CSO Online

Crisis Management

Johnson Controls says ransomware attack cost $27 million, data stolen

First American takes IT systems offline after cyberattack

Biggest global threat since 1930s looms and every CEO talking about it

Ace holed: Hardware store empire felled by cyberattack • The Register

Emergency Management

How to Align Your Incident Response Practices With the New SEC Disclosure Rules – SecurityWeek

Why the toxins from the Ohio train derailment could have posed deadly threats for residents nearby – ABC News

Train derails, goes up in flames in Ohio, causes half of town to evacuate – ABC News

Shrinking Mississippi River Puts American Farm Trade at Risks

Risk Management

Measles outbreak prompts health warning | NBC4 WCMH-TV

CISA hit by hackers, key systems taken offline

Insurance giant Fidelity hit by data breach — thousands of customers may have had data stolen | TechRadar

BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare – Krebs on Security

Compliance

Liberty University fined $14 million by Dept. of Education over failure to comply with campus safety standards | Fox News

Be Ready For The Brussels Effect — It’s Coming To Data And AI

Revisit Your Password Policies to Retain PCI Compliance

Payment card security remains lax, says Verizon Business report | ZDNet